Commit 54de197c authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'x86_sgx_for_6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 

Pull x86 SGX updates from Dave HansenL
 "The main content here is adding support for the new EUPDATESVN SGX
  ISA. Before this, folks who updated microcode had to reboot before
  enclaves could attest to the new microcode. The new functionality lets
  them do this without a reboot.

  The rest are some nice, but relatively mundane comment and kernel-doc
  fixups.

  Summary:

   - Allow security version (SVN) updates so enclaves can attest to new
     microcode

   - Fix kernel docs typos"

* tag 'x86_sgx_for_6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/sgx: Fix a typo in the kernel-doc comment for enum sgx_attribute
  x86/sgx: Remove superfluous asterisk from copyright comment in asm/sgx.h
  x86/sgx: Document structs and enums with '@', not '%'
  x86/sgx: Add kernel-doc descriptions for params passed to vDSO user handler
  x86/sgx: Add a missing colon in kernel-doc markup for "struct sgx_enclave_run"
  x86/sgx: Enable automatic SVN updates for SGX enclaves
  x86/sgx: Implement ENCLS[EUPDATESVN]
  x86/sgx: Define error codes for use by ENCLS[EUPDATESVN]
  x86/cpufeatures: Add X86_FEATURE_SGX_EUPDATESVN feature flag
  x86/sgx: Introduce functions to count the sgx_(vepc_)open()
parents c76431e3 f2f22721

arch/x86/include/asm/cpufeatures.h

+1 −0
Original line number Diff line number Diff line
@@ -499,6 +499,7 @@ 
#define X86_FEATURE_IBPB_EXIT_TO_USER	(21*32+14) /* Use IBPB on exit-to-userspace, see VMSCAPE bug */

#define X86_FEATURE_ABMC		(21*32+15) /* Assignable Bandwidth Monitoring Counters */

#define X86_FEATURE_MSR_IMM		(21*32+16) /* MSR immediate form instructions */

#define X86_FEATURE_SGX_EUPDATESVN	(21*32+17) /* Support for ENCLS[EUPDATESVN] instruction */



#define X86_FEATURE_SDCIAE		(21*32+18) /* L3 Smart Data Cache Injection Allocation Enforcement */

arch/x86/include/asm/sgx.h

+52 −45
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/**

/*

 * Copyright(c) 2016-20 Intel Corporation.

 *

 * Intel Software Guard Extensions (SGX) support.
@@ -43,6 +43,7 @@ enum sgx_encls_function { 
	EAUG		= 0x0D,

	EMODPR		= 0x0E,

	EMODT		= 0x0F,

	EUPDATESVN	= 0x18,

};



/**
@@ -65,15 +66,19 @@ enum sgx_encls_function { 


/**

 * enum sgx_return_code - The return code type for ENCLS, ENCLU and ENCLV

 * %SGX_EPC_PAGE_CONFLICT:	Page is being written by other ENCLS function.

 * %SGX_NOT_TRACKED:		Previous ETRACK's shootdown sequence has not

 * @SGX_EPC_PAGE_CONFLICT:	Page is being written by other ENCLS function.

 * @SGX_NOT_TRACKED:		Previous ETRACK's shootdown sequence has not

 *				been completed yet.

 * %SGX_CHILD_PRESENT		SECS has child pages present in the EPC.

 * %SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's

 * @SGX_CHILD_PRESENT:		SECS has child pages present in the EPC.

 * @SGX_INVALID_EINITTOKEN:	EINITTOKEN is invalid and enclave signer's

 *				public key does not match IA32_SGXLEPUBKEYHASH.

 * %SGX_PAGE_NOT_MODIFIABLE:	The EPC page cannot be modified because it

 * @SGX_PAGE_NOT_MODIFIABLE:	The EPC page cannot be modified because it

 *				is in the PENDING or MODIFIED state.

 * %SGX_UNMASKED_EVENT:		An unmasked event, e.g. INTR, was received

 * @SGX_INSUFFICIENT_ENTROPY:	Insufficient entropy in RNG.

 * @SGX_NO_UPDATE:		EUPDATESVN could not update the CPUSVN because the

 *				current SVN was not newer than CPUSVN. This is the most

 *				common error code returned by EUPDATESVN.

 * @SGX_UNMASKED_EVENT:		An unmasked event, e.g. INTR, was received

 */

enum sgx_return_code {

	SGX_EPC_PAGE_CONFLICT		= 7,
@@ -81,6 +86,8 @@ enum sgx_return_code { 
	SGX_CHILD_PRESENT		= 13,

	SGX_INVALID_EINITTOKEN		= 16,

	SGX_PAGE_NOT_MODIFIABLE		= 20,

	SGX_INSUFFICIENT_ENTROPY	= 29,

	SGX_NO_UPDATE			= 31,

	SGX_UNMASKED_EVENT		= 128,

};
@@ -89,7 +96,7 @@ enum sgx_return_code { 


/**

 * enum sgx_miscselect - additional information to an SSA frame

 * %SGX_MISC_EXINFO:	Report #PF or #GP to the SSA frame.

 * @SGX_MISC_EXINFO:	Report #PF or #GP to the SSA frame.

 *

 * Save State Area (SSA) is a stack inside the enclave used to store processor

 * state when an exception or interrupt occurs. This enum defines additional
@@ -105,17 +112,17 @@ enum sgx_miscselect { 
#define SGX_SSA_MISC_EXINFO_SIZE	16



/**

 * enum sgx_attributes - the attributes field in &struct sgx_secs

 * %SGX_ATTR_INIT:		Enclave can be entered (is initialized).

 * %SGX_ATTR_DEBUG:		Allow ENCLS(EDBGRD) and ENCLS(EDBGWR).

 * %SGX_ATTR_MODE64BIT:		Tell that this a 64-bit enclave.

 * %SGX_ATTR_PROVISIONKEY:      Allow to use provisioning keys for remote

 * enum sgx_attribute - the attributes field in &struct sgx_secs

 * @SGX_ATTR_INIT:		Enclave can be entered (is initialized).

 * @SGX_ATTR_DEBUG:		Allow ENCLS(EDBGRD) and ENCLS(EDBGWR).

 * @SGX_ATTR_MODE64BIT:		Tell that this a 64-bit enclave.

 * @SGX_ATTR_PROVISIONKEY:      Allow to use provisioning keys for remote

 *				attestation.

 * %SGX_ATTR_KSS:		Allow to use key separation and sharing (KSS).

 * %SGX_ATTR_EINITTOKENKEY:	Allow to use token signing key that is used to

 * @SGX_ATTR_KSS:		Allow to use key separation and sharing (KSS).

 * @SGX_ATTR_EINITTOKENKEY:	Allow to use token signing key that is used to

 *				sign cryptographic tokens that can be passed to

 *				EINIT as an authorization to run an enclave.

 * %SGX_ATTR_ASYNC_EXIT_NOTIFY:	Allow enclaves to be notified after an

 * @SGX_ATTR_ASYNC_EXIT_NOTIFY:	Allow enclaves to be notified after an

 *				asynchronous exit has occurred.

 */

enum sgx_attribute {
@@ -188,7 +195,7 @@ struct sgx_secs { 


/**

 * enum sgx_tcs_flags - execution flags for TCS

 * %SGX_TCS_DBGOPTIN:	If enabled allows single-stepping and breakpoints

 * @SGX_TCS_DBGOPTIN:	If enabled allows single-stepping and breakpoints

 *			inside an enclave. It is cleared by EADD but can

 *			be set later with EDBGWR.

 */
@@ -253,11 +260,11 @@ struct sgx_pageinfo { 


/**

 * enum sgx_page_type - bits in the SECINFO flags defining the page type

 * %SGX_PAGE_TYPE_SECS:	a SECS page

 * %SGX_PAGE_TYPE_TCS:	a TCS page

 * %SGX_PAGE_TYPE_REG:	a regular page

 * %SGX_PAGE_TYPE_VA:	a VA page

 * %SGX_PAGE_TYPE_TRIM:	a page in trimmed state

 * @SGX_PAGE_TYPE_SECS:	a SECS page

 * @SGX_PAGE_TYPE_TCS:	a TCS page

 * @SGX_PAGE_TYPE_REG:	a regular page

 * @SGX_PAGE_TYPE_VA:	a VA page

 * @SGX_PAGE_TYPE_TRIM:	a page in trimmed state

 *

 * Make sure when making changes to this enum that its values can still fit

 * in the bitfield within &struct sgx_encl_page
@@ -275,14 +282,14 @@ enum sgx_page_type { 


/**

 * enum sgx_secinfo_flags - the flags field in &struct sgx_secinfo

 * %SGX_SECINFO_R:	allow read

 * %SGX_SECINFO_W:	allow write

 * %SGX_SECINFO_X:	allow execution

 * %SGX_SECINFO_SECS:	a SECS page

 * %SGX_SECINFO_TCS:	a TCS page

 * %SGX_SECINFO_REG:	a regular page

 * %SGX_SECINFO_VA:	a VA page

 * %SGX_SECINFO_TRIM:	a page in trimmed state

 * @SGX_SECINFO_R:	allow read

 * @SGX_SECINFO_W:	allow write

 * @SGX_SECINFO_X:	allow execution

 * @SGX_SECINFO_SECS:	a SECS page

 * @SGX_SECINFO_TCS:	a TCS page

 * @SGX_SECINFO_REG:	a regular page

 * @SGX_SECINFO_VA:	a VA page

 * @SGX_SECINFO_TRIM:	a page in trimmed state

 */

enum sgx_secinfo_flags {

	SGX_SECINFO_R			= BIT(0),

arch/x86/include/uapi/asm/sgx.h

+8 −2
Original line number Diff line number Diff line
@@ -10,7 +10,7 @@ 


/**

 * enum sgx_page_flags - page control flags

 * %SGX_PAGE_MEASURE:	Measure the page contents with a sequence of

 * @SGX_PAGE_MEASURE:	Measure the page contents with a sequence of

 *			ENCLS[EEXTEND] operations.

 */

enum sgx_page_flags {
@@ -143,6 +143,12 @@ struct sgx_enclave_run; 
/**

 * typedef sgx_enclave_user_handler_t - Exit handler function accepted by

 *					__vdso_sgx_enter_enclave()

 * @rdi:	RDI at the time of EEXIT, undefined on AEX

 * @rsi:	RSI at the time of EEXIT, undefined on AEX

 * @rdx:	RDX at the time of EEXIT, undefined on AEX

 * @rsp:	RSP (untrusted) at the time of EEXIT or AEX

 * @r8:		R8 at the time of EEXIT, undefined on AEX

 * @r9:		R9 at the time of EEXIT, undefined on AEX

 * @run:	The run instance given by the caller

 *

 * The register parameters contain the snapshot of their values at enclave
@@ -166,7 +172,7 @@ typedef int (*sgx_enclave_user_handler_t)(long rdi, long rsi, long rdx, 
 * @exception_addr:		The address that triggered the exception

 * @user_handler:		User provided callback run on exception

 * @user_data:			Data passed to the user handler

 * @reserved			Reserved for future extensions

 * @reserved:			Reserved for future extensions

 *

 * If @user_handler is provided, the handler will be invoked on all return paths

 * of the normal flow.  The user handler may transfer control, e.g. via a

arch/x86/kernel/cpu/cpuid-deps.c

+1 −0
Original line number Diff line number Diff line
@@ -80,6 +80,7 @@ static const struct cpuid_dep cpuid_deps[] = { 
	{ X86_FEATURE_SGX_LC,			X86_FEATURE_SGX	      },

	{ X86_FEATURE_SGX1,			X86_FEATURE_SGX       },

	{ X86_FEATURE_SGX2,			X86_FEATURE_SGX1      },

	{ X86_FEATURE_SGX_EUPDATESVN,		X86_FEATURE_SGX1      },

	{ X86_FEATURE_SGX_EDECCSSA,		X86_FEATURE_SGX1      },

	{ X86_FEATURE_XFD,			X86_FEATURE_XSAVES    },

	{ X86_FEATURE_XFD,			X86_FEATURE_XGETBV1   },

arch/x86/kernel/cpu/scattered.c

+1 −0
Original line number Diff line number Diff line
@@ -43,6 +43,7 @@ static const struct cpuid_bit cpuid_bits[] = { 
	{ X86_FEATURE_PER_THREAD_MBA,		CPUID_ECX,  0, 0x00000010, 3 },

	{ X86_FEATURE_SGX1,			CPUID_EAX,  0, 0x00000012, 0 },

	{ X86_FEATURE_SGX2,			CPUID_EAX,  1, 0x00000012, 0 },

	{ X86_FEATURE_SGX_EUPDATESVN,		CPUID_EAX, 10, 0x00000012, 0 },

	{ X86_FEATURE_SGX_EDECCSSA,		CPUID_EAX, 11, 0x00000012, 0 },

	{ X86_FEATURE_HW_PSTATE,		CPUID_EDX,  7, 0x80000007, 0 },

	{ X86_FEATURE_CPB,			CPUID_EDX,  9, 0x80000007, 0 },